grealish / pwm

Automatically exported from code.google.com/p/pwm

Access to pwmadmin or user accounts granted with wrong credentials #298

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?
Exp. Access Denied or Wrong Password...

What version of PWM are you using?
1.6.4 (release)

What ldap directory and version are you using?
OpenLDAP 2.4.26

LDAP works fine, no access is given with wrong credentials on other login 
resources. Trace shows login with user pwmadmin. Plz check my 
Pwmconfiguration.xml

Thanks

Original issue reported on code.google.com by kosc...@web.de on 11 Nov 2012 at 7:19

GoogleCodeExporter commented 9 years ago
I had the same problem. Disabling access through proxy solved the issue.

Modify ldap.alwaysUseProxy to the default value (don't use proxy)

Original comment by erapetti...@gmail.com on 15 Nov 2012 at 10:08

GoogleCodeExporter commented 9 years ago
In the trace you've shared, you have 'ou=pwmadmin' as your PwmAdmin filter, and 
the user logging in apparently matches that.  So it seems to be working as desired.  
If you want a more restrictive set of access to admin, make a better filter.  
Anyone matching the ldap search filter will be granted access.

Original comment by jrivard on 25 Nov 2012 at 4:45
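
What "anyone matching the ldap search filter" means for a filter like 'ou=pwmadmin', as an added example (not PWM code and not part of the thread): a small filter evaluator run over constructed entries, useful for auditing who an admin filter would select. The DNs, attribute values and the stricter filter are assumptions for illustration.

```python
# Added example: evaluates a small subset of LDAP filters (equality, presence,
# &, |, !) against constructed entries. No substring or escape handling.

def parse(f, i=0):
    """Parse the filter component starting at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at position %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("expected ')' at position %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1

def matches(node, attrs):
    """True if the entry's attributes satisfy the parsed filter node."""
    if node[0] == "&":
        return all(matches(k, attrs) for k in node[1])
    if node[0] == "|":
        return any(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    _, attr, value = node
    have = [v.lower() for v in attrs.get(attr, [])]  # assumes case-insensitive matching
    return bool(have) if value == "*" else value in have

def who_matches(filter_text, directory):
    """Return the DNs an admin filter would select (bare 'a=b' is wrapped in parens)."""
    text = filter_text.strip()
    if not text.startswith("("):
        text = "(" + text + ")"
    node, end = parse(text)
    if end != len(text):
        raise ValueError("trailing text after filter")
    return [dn for dn, attrs in directory.items() if matches(node, attrs)]

# Constructed sample directory (not from the reporter's trace).
DIRECTORY = {
    "uid=alice,ou=pwmadmin,dc=example,dc=org": {"objectclass": ["inetOrgPerson"], "uid": ["alice"], "ou": ["pwmadmin"]},
    "uid=bob,ou=people,dc=example,dc=org": {"objectclass": ["inetOrgPerson"], "uid": ["bob"], "ou": ["pwmadmin"]},
    "uid=dave,ou=pwmadmin,dc=example,dc=org": {"objectclass": ["inetOrgPerson"], "uid": ["dave"]},
}
STRICT = "(&(objectClass=inetOrgPerson)(uid=alice))"  # hypothetical tighter filter
```

In the sample, bob matches 'ou=pwmadmin' because the filter tests the entry's ou attribute value, while dave, who only sits in the ou=pwmadmin container, does not match.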

GoogleCodeExporter commented 9 years ago
Modify ldap.alwaysUseProxy to the default value (don't use proxy)
fixed the issue...

Thanks for help...

Original comment by kosc...@web.de on 26 Nov 2012 at 2:52